Assurance and business continuity
Management assurance framework
Read our management assurance framework. This document outlines the need for us to have an effective business control environment, reliable information systems, and internal controls.
External assurance
The Standard on Assurance Engagements ASAE 3402 'Assurance Reports on Controls at a Service Organisation' requires us to describe our systems. Log in to QSS's Self-Service Centre to read our system description. This documents our finance, human resources and technology services, transactions, system control objectives, and controls designed to achieve those objectives.
Payment Card Industry Data Security Standard
QSS's cardholder data controls meet the Payment Card Industry Data Security Standard (PCI DSS).
We completed an assessment of our processes for accepting, storing and transmitting cardholder information in July 2016. We successfully met all requirements and received a Certificate of Compliance.
Business continuity management
We have embedded business continuity management practices that align to:
- Information Standard – Information Security (IS18)
- department business continuity and disaster management framework, policy and guidelines
- Business Continuity Institute Good Practice Guidelines 2013.